Bevy supports Single Sign On via OAuth 2.0.
Requirements
To support Single Sign On via OAuth2.0, Bevy requires the following:
- Do you have your OAuth2.0 documentation to share?
- Do you have the URLs to access the authentication?
- Please share the following pieces of information via a secure channel to your Bevy POC:
- Authorize URL
- Access Token URL
- User Info URL
- Client ID
- Client Secret
After Bevy see your documentation, we will confirm the callback URLs that you need to whitelist.
Typically, there are 3 that we ask for: testing, staging, and production URLs. The URLs will generally be in this format:
- Add a callback URL for Bevy to test:
https://<client-id>-staging.bevylabs.com/accounts/oauth/login/callback/
- Here,
<client-id>
is the same ID used for the bevylabs.com subdomain. If you are unsure what this is, please contact Bevy Support.
- Here,
- Add a callback URL for your instance during onboarding:
https://<client-id>.bevylabs.com/accounts/oauth/login/callback/
- Add a callback URL for your final chosen domain that will be used when you go live with Bevy:
https://<yourdomain>/accounts/oauth/login/callback/
Use https://<yourdomain>/accounts/oauth/login/
to configure this provider for service provider-initiated SSO. For example, https://bevy.com/accounts/oauth/login/
Support for PKCE
Bevy supports the PKCE Flow, which adds a Code Verifier and Code Challenge to the OAuth 2.0 Authentication Code process if your identity provider is configured for it.
To enable PKCE, request this option from your Bevy onboarding team or to the support team if you already completed the onboarding process.